Dropbox is requiring users who have not changed their passwords since mid-2012 to reset

The action appears to be related to continued fallout over the massive hack on LinkedIn in 2012 where credentials for 117 million accounts were posted online. In recent months, treasure troves of user credentials and passwords — in addition to a large MySpace hack disclosed in May — have been discovered. Even though the data for these accounts is old, often passwords remain unchanged for long periods of time and are re-used across multiple accounts, leaving entire online identities vulnerable to hacks.

Dropbox’s intelligence team identified the existence of a file that contained hashed and salted passwords, according to a person familiar with the matter. That file pertains to passwords that were likely obtained in connection with the LinkedIn hack. While the information appears to have been taken at that time and quietly held for some time, it is now surfacing, this person said. Dropbox earlier disclosed that usernames and passwords that were obtained in 2012 were used to access some accounts.

Dropbox doesn’t believe that any accounts have been improperly accessed, the company said in a blog post. During the 2012 incident, one Dropbox employee’s account, which contained a project document with email addresses, was accessed. In connection with the existence of the file, Dropbox is requiring its users to reset their passwords if they have remained unchanged.

source:  dropbox
